#!/usr/bin/env python

import pymongo
import argparse

parser = argparse.ArgumentParser(description='Unauthenticated MongoDB servers expose to the Internet.')
parser.add_argument('host',help='domain/IP of the MongoDB server')
parser.add_argument('port',help='port number, default is 27017',nargs='?',default=27017,type=int)
args = parser.parse_args()

def size(s):
	u=0
	units=['B','kB','MB','GB','TB']
	while s>=1024:
		s/=1024
		u+=1
	return '{:.1f} {}'.format(s,units[u])
def exploit(host,port=27017):
	try:
		client=pymongo.MongoClient(host,port)
		db=client.admin
		db_list=db.command('listDatabases')['databases']
		align=max([len(i['name']) for i in db_list])
		for i in db_list:
			print '{:{x}}    {}'.format(i['name'],size(i['sizeOnDisk']),x=align)
	except Exception as e:
		if e.__class__.__name__=='OperationFailure':
			print 'Not vulnerable!'
		elif e.__class__.__name__=='ServerSelectionTimeoutError':
			print 'Timeout!'
		else:
			print 'Something went wrong!'

exploit(args.host,args.port)